Assigning An Action To A Policy; Configuring The Protocol For A Policy; Verifying A Policy - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual

Software release 6

Configuring IPsec on the OmniSwitch

Assigning an Action to a Policy

To define what action will be performed on the traffic specified in the security policy, you can use the following parameters:

discard - Discards the IPv6 packets.
ipsec - Allows IPsec processing of the traffic to which this policy is applied. If the action is ipsec, then a rule must be defined before the policy can be enabled. Additionally, SAs and SA keys must also be configured to support the rule.
none - No action is performed.

The above commands could be modified to discard the traffic instead of processing using IPsec.
-> ipsec policy tcp_in discard
-> ipsec policy tcp_out discard

Configuring the Protocol for a Policy

You can define the type of protocol to which the security policy can be applied by using the protocol parameter. For example:
-> ipsec policy udp_in source ::/0 destination 3ffe:200:200:4001::99 protocol udp in ipsec description "IPsec on all inbound UDP" no shutdown

The following table lists the various protocols that can be specified; refer to the ipsec policy command for additional details.

protocol
any
icmp6[type type]
tcp
udp
ospf
vrrp
number protocol

Verifying a Policy

To verify the configured IPsec policy, use the show ipsec policy command. For example:
-> show ipsec policy
Name        Priority Source-> Destination          Protocol Direction Action    State
-----------+--------+-----------------------------+--------+-------+-------+------
tcp_in      500      3ffe:1:1:1::99->3ffe:1:1:1::1 TCP      in        ipsec esp active
tcp_out     500      3ffe:1:1:1::1->3ffe:1:1:1::99 TCP      out       ipsec esp active
ftp-in-drop 100      ::/0->::/0                    TCP      in        discard   disabled
telnet-in-1 100      2000::/48->::/0               TCP      in        ipsec     disabled

The above command provides examples of various configured policies.

Note. The presence of a '+' sign in the 'Source->Destination' or 'Action' indicates the value has been truncated to fit. View a specific security policy to view additional details.

You can also verify the configuration of a specific security policy by using the show ipsec policy command followed by the name of the security policy. For example:

OmniSwitch AOS Release 6 Network Configuration Guide, Configuring IPsec, September 2009, page 27-14
